PT-2026-44379 · Kidsview · Kidsview
Jakub Lewandowski
·
Published
2026-05-28
·
Updated
2026-05-28
·
CVE-2026-8990
CVSS v4.0
5.3
Medium
| Vector | AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Kidsview versions prior to 4.4.3
Description
A user with physical access to a smartphone can bypass the authentication mechanism of the Kidsview mobile application. This allows the user to grant themselves full access to the device owner's account by interacting with the application's push notification.
Recommendations
Update to version 4.4.3.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Kidsview